[conspire] Warning to domain owners: renewal/transfer scam

[Rick Moen]

Quoting Don Marti (dmarti at zgp.org):

> If you have a business listing or a .com domain,
> you'll also get fake bills from off-brand "Yellow
> Pages" operators.  ("Yellow Pages" is not a trademark
> in the USA, but it is in the UK and Australia.)
> And fly-by-night SEOs charging you to be "listed
> on Google."  And "bills" for inkjet cartridges that
> have "Order form: not a bill" in miniscule print at
> the bottom.  And a bushel of other scams.
> 
> (The trend is for vendors that offer products and
> services to small business to insist on a credit card,
> instead of the old purchase order/invoice system.
> So these scams probably stand out a little more than
> they used to.)

I making a point of having records of the correct, full names of all the
firms I choose to do business with -- and am considering keeping
independent reference records in my PDA of their correct USPS addresses
and telephone numbers -- specifically because I like being confident of
whom I'm dealing with, and confident that I'm doing business with
someone *I've* decided to deal with.  There are a couple of reasons for
that.  One is social-engineering frauds of various kinds.  The other is
just business policy.

Long experience suggests that it's worthwhile being selective about
whom I'm willing to have business contracts with.  (This is part of my
problem with Web 2.0 business sites:  Who _are_ these people, and why do
I want to enter into business contracts with them?)  Even if you never
get ripped off, dealing with bottom-feeding, dubious businesses impairs
one's quality of life, and it's always a good idea to walk away from bad
business situations.

In that respect, it was a bit unnerving, about a decade ago, to find
that one of my credit card accounts had been "sold" from one bank to
another:  Suddenly, I was being asked and expected to do business with a
firm *I* had never heard of and hadn't decided to deal with.
Eventually, I did close that account -- and decided that, henceforth, no
more business dealings except with firms of _my_ choosing.  Later, Sears
decided to close all of its Sears Charge card accounts including mine,
and gave us customers the great and cheery news that instead we'd be
issued "Sears Charge Plus" accounts from Citibank instead of from Sears
Roebuck.  Sorry, Citibank:  I never decided I wanted to use your
services.  I cancelled.

Anyway, about fraud precautions:  Back when I was at VA Linux Systems,
an incoming telephone call got routed to me.  It was from a fellow at
Sunnyvale Police Department, whom we'll call Officer Obie.

Obie:  I'm calling because we've recovered a number of stolen computers,
       some of which are manufactured by your company.  I have the 
       serial numbers here, and would like contact information for
       the units' purchasers, so we can attempt to get their property
       back to them (or whoever bought from them).
Rick:  I don't want you to take this the wrong way, but all I know
       about your call is that you're a voice on a telephone.  I 
       hope you don't mind if I call you back.  Are you reachable
       via the Sunnyvale PD main number?
Obie:  Here, let me give you my direct line, instead....
Rick:  Again, absolutely no offence intended, but because I don't
       know what direct number an unknown voice on a telephone will
       give me, I'd rather go through the switchboard.  Will that
       work.
Obie.  Yes.
[a minute later]
Obie:  Huh.  {pause}  Nobody's ever raised that concern before!
Rick:  I'm actually not surprised.